- Have strong passwords, and don’t use the same one or two passwords for everything.

- Download free software only from sites you know and trust (malware can also come in downloadable games, file-sharing programs, and customized toolbars).

- Don’t open e-mail attachments in unsolicited e-mails, even if they come from people in your contact list, and never click on a URL contained in an e-mail, even if you think it looks safe. Instead, close out the e-mail and go to the organization’s website directly.

- Use antivirus software on your smartphone. Criminals are already stealing personally identifiable information from smartphones after owners unknowingly download malware, and it won’t be long before we see the emergence of mobile botnets undertaking DDoS attacks and other criminal activities (unless users protect their smartphones now).

The use of botnets is on the rise. And industry experts estimate that botnet attacks have resulted in the overall loss of millions of dollars from financial institutions and other major U.S. businesses. They’ve also affected universities, hospitals, defense contractors, law enforcement, and all levels of government.

What exactly is a botnet? A bot, or web robot, is an automated malware program that scans blocks of network addresses and infects vulnerable computers. A network of these infected computers—numbering in the hundreds of thousands or even millions—is called a botnet (robot network), and each computer becomes connected to a command-and-control server operated by the criminal.

Once the botnet is in place, it can be used in distributed denial of service (DDoS) attacks, proxy and spam services, malware distribution, and other organized criminal activity. Botnets can also be used for covert intelligence collection, and terrorists or state-sponsored actors could use a botnet to attack Internet-based critical infrastructure. And they can be used as weapons in ideological campaigns against a target to instigate fear, intimidation, or public embarrassment.
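Two of the behaviours described above leave traces a network defender can look for: a bot sweeping blocks of addresses looks like one source touching many distinct destinations on the same port in a short time, and a bot checking in with its command-and-control server looks like one source contacting the same destination at nearly constant intervals. The following is an added example written for this page, not code from the FBI or any tool it names; the flow records, hosts, addresses, thresholds, and function names are all constructed assumptions for illustration.

```python
"""Flag address sweeps and regular check-ins in simple flow records."""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample flow records: (epoch seconds, src, dst, dst_port).
# 10.0.0.5 sweeps a /24 on port 445 (the "scans blocks of network
# addresses" behaviour); 10.0.0.7 contacts 203.0.113.9 roughly every
# 60 seconds (a command-and-control check-in); 10.0.0.8 browses normally.
SAMPLE_FLOWS = []
for i in range(1, 31):
    SAMPLE_FLOWS.append((1000 + i, "10.0.0.5", f"192.168.1.{i}", 445))
for k in range(8):
    SAMPLE_FLOWS.append((2000 + 60 * k + (k % 3), "10.0.0.7", "203.0.113.9", 443))
SAMPLE_FLOWS += [
    (3000, "10.0.0.8", "198.51.100.20", 443),
    (3005, "10.0.0.8", "198.51.100.21", 443),
    (3130, "10.0.0.8", "198.51.100.20", 443),
    (3131, "10.0.0.8", "198.51.100.22", 80),
    (3500, "10.0.0.8", "198.51.100.20", 443),
    (3902, "10.0.0.8", "198.51.100.23", 443),
]


def find_scanners(flows, window=120, min_targets=20):
    """Return {src: distinct-target count} for sources that reach at least
    min_targets distinct destinations on one port within `window` seconds.
    Thresholds are assumed values; tune them to the network being watched."""
    by_src_port = defaultdict(list)
    for ts, src, dst, port in flows:
        by_src_port[(src, port)].append((ts, dst))
    hits = {}
    for (src, _port), events in by_src_port.items():
        events.sort()
        # Sliding window: from each event, count distinct destinations seen
        # before the window expires.
        for i, (start, _) in enumerate(events):
            targets = {dst for ts, dst in events[i:] if ts - start <= window}
            if len(targets) >= min_targets:
                hits[src] = max(hits.get(src, 0), len(targets))
    return hits


def find_beacons(flows, min_conns=6, max_cv=0.1):
    """Return {(src, dst): mean interval in seconds} for pairs whose
    connection intervals are nearly constant: the coefficient of variation
    (standard deviation / mean) of the gaps is at most max_cv."""
    by_pair = defaultdict(list)
    for ts, src, dst, _port in flows:
        by_pair[(src, dst)].append(ts)
    hits = {}
    for pair, times in by_pair.items():
        if len(times) < min_conns:
            continue
        times.sort()
        gaps = [later - earlier for earlier, later in zip(times, times[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_cv:
            hits[pair] = avg
    return hits


if __name__ == "__main__":
    for src, count in find_scanners(SAMPLE_FLOWS).items():
        print(f"possible sweep: {src} reached {count} hosts on one port")
    for (src, dst), gap in find_beacons(SAMPLE_FLOWS).items():
        print(f"possible check-in: {src} -> {dst} every {gap:.1f} s")
```

Real traffic needs more care than this sketch: legitimate software updaters and monitoring agents also poll on fixed schedules, and a vulnerability scanner run by the IT department will trip the sweep rule, so these hits are leads for an analyst to confirm against known-good sources rather than verdicts on their own.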

Your personal computer could become part of a botnet—it only takes one wrong click for you to download malicious code. For example, you might get an unsolicited e-mail promoting a dating website or a work-at-home arrangement or an e-mail that appears to come from your bank containing a seemingly harmless link. You could be sent a link by a friend asking you to view a great video (which was actually sent because the friend’s computer is already infected). You could see a link on a webpage that seems to be soliciting donations for a recent tragedy. And you might even visit a fraudulent website—or a legitimate one that’s been compromised—and download video, pictures, or a document containing malicious code.

Once the malware is on your computer, it’s hard to detect. And in addition to your computer being commanded to link up with other compromised computers to facilitate criminal activity, the bot can also collect and send out your personally identifiable information—like credit card numbers, banking information, and passwords—to the criminals running it. Those criminals will take advantage of the information themselves or offer it for sale on cyber criminal forums, and you could find yourself being victimized…again.

The FBI—with its law enforcement and private sector partners—has had success in taking down a number of large botnets, most notably Coreflood. But our work is never done, and by combining the resources of government and the private sector—and with the support of the public (see sidebar on protecting your own computer)—we will continue to improve cyber security by identifying and catching those who threaten it.